Skip to content

Releases: cisagov/Malcolm

Malcolm v1.7.2

25 Nov 17:16
@mmguero mmguero
v1.7.2
ed939e8
Compare
Choose a tag to compare
Malcolm v1.7.2

Malcolm v1.7.2

idaholab/Malcolm@v1.7.1a...v1.7.2

  • Fixes issue #86
  • adds some sample configuration for sensor/forwarder usage
Assets 6
Loading

Malcolm v1.7.1a

20 Nov 21:23
@mmguero mmguero
v1.7.1a
8e3823a
Compare
Choose a tag to compare
Malcolm v1.7.1a

Malcolm v1.7.1a

idaholab/Malcolm@v1.7.0...v1.7.1a

  • redesign PCAP processing pipeline (pull request #81, issue #80) so that there is one service that watches the /data/pcap/processed directory and publishes to a ØMQ topic), then other services can subscribe to that topic and do what they want with the PCAP information they receive. This will make it much easier to add future PCAP processors, and also increases parallel-ness of the code

  • move common Logstash enrichments to a separate pipeline (pull request #81, issue #78). I've made the pipelines used for processing Logstash events more modular, and I've also made it more extensible by having the startup script dynamically detect and configure new pipelines on the fly. this will make it easier to add new parsers in the future (need to document how to do that in the readme though)

  • set opencontainers-compatible labels on docker containers

  • fix issue #82, OUI vendor names used by Logstash don't match those used by Moloch

  • split moloch container into pcap-monitor, zeek, and moloch containers

  • documentation fixex

  • dockerfile cleanup

  • bump Moloch to 2.1.0 (see changelog and security).

  • enable readTruncatedPackets for moloch's config.ini to handle more pcaps

Assets 6
Loading

Malcolm v1.7.0

28 Oct 19:46
@mmguero mmguero
v1.7.0
e2b96d8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Malcolm v1.7.0

Malcolm v1.7.0

idaholab/Malcolm@v1.6.0...v1.7.0

Malcolm v1.7.0 is a big release, with the following goodness:

  • Zeek 3.0
  • New parsers/analyzers, complete list:
    • Amazon.com, Inc.'s ICS protocol analyzers
    • Corelight's bro-xor-exe plugin
    • Corelight's community ID flow hashing plugin
    • J-Gras' Bro::AF_Packet plugin
    • Lexi Brent's EternalSafety plugin
    • MITRE Cyber Analytics Repository's Bro/Zeek ATT&CK-Based Analytics (BZAR) script
    • Salesforce's gQUIC analyzer
    • Salesforce's HASSH SSH fingerprinting plugin
    • Salesforce's JA3 TLS fingerprinting plugin
    • SoftwareConsultingEmporium's Bro::LDAP analyzer
  • Logstash: use the cidr plugin to assign internal_source, external_source, internal_destination, external_destination tags based on srcIp and dstIp Zeek logs
  • ISO installer tweaks
  • hardening compliance tweaks
  • Dashboards for all new protocols
  • Documentation updates
  • user account management (htadmin) improvements
  • bump Elastic to 6.8.4-oss
  • added human-readable names to types created with Moloch WISE
  • use ZeroMQ-based approach for file scanning queue
Assets 6
Loading

Malcolm v1.6.0

30 Sep 15:00
@mmguero mmguero
v1.6.0
d1479a1
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Malcolm v1.6.0

Malcolm v1.6.0

idaholab/Malcolm@v1.5.2...v1.6.0

  • fix issue #62, mapping of Zeek values to Moloch's http.uri
  • fix issue #63, "View JSON Document" context action for ID field in Moloch
  • improve Kibana filter pivot actions from Moloch to Kibana
  • added Zeek support for QUIC and corresponding dashboards
Assets 6
Loading

Malcolm v1.5.2

25 Sep 20:48
@mmguero mmguero
v1.5.2
d453713
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Malcolm v1.5.2

Malcolm v1.5.2

idaholab/Malcolm@v1.5.1...v1.5.2

  • added mechanism and example for sending email alerts via ElastAlert
  • added context menu pivot from Moloch to Kibana for most field values
  • Kibana can now be accessed at https://ip:5601/ (like before) or https://ip/kibana/
  • updated Moloch to v2.0.1
  • updated CyberChef to v9.4.0
  • updated some docker images from Debian 9 (stretch) to Debian 10 (buster)
Assets 6
Loading

Malcolm v1.5.1

09 Sep 21:23
@mmguero mmguero
v1.5.1
5b4d46c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Malcolm v1.5.1

Malcolm v1.5.1

idaholab/Malcolm@v1.5.0...v1.5.1

  • code fixes and documentation updates for running Malcolm successfully on Windows 10 using Docker Desktop for Windows
  • map zeek's host.name (from beats) to moloch's node field
  • changed mechanism by which JSON source for record in Moloch is viewed (now in the context menu options for the "ID" field)
  • allow Kibana to be accessed at "localhost:443/kibana" as well as "localhost:5601"
  • use named volume for autozeek text files rather than local directory
  • other minor bug fixes and documentation updates
Assets 6
Loading

Malcolm v1.5.0

04 Sep 17:54
@mmguero mmguero
v1.5.0
0dfa946
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Malcolm v1.5.0

Malcolm v1.5.0

idaholab/Malcolm@v1.4.0...v1.5.0

  • support multiple users and allow management of those users with web interface over port 488
  • added Community ID fingerprinting for flows
  • added HASSH fingerprinting for SSH
  • detect and upgrade Moloch administrative tables on startup if needed
  • default to faster java execution engine for Logstash
  • bump versions of Zeek and Moloch and Elastic/beats
  • improvements for ISO installer
  • documentation improvements
  • lots of bug fixes
Assets 6
Loading

Malcolm v1.4.0

25 Jul 22:00
@mmguero mmguero
v1.4.0
58d2211
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Malcolm v1.4.0

idaholab/Malcolm@v1.3.1...v1.4.0

This release:

  • adds multiple users and user account management (pull request #8/issue #39)
  • improvements to the ISO installer
  • bug fixes
Assets 6
Loading

Malcolm v1.3.1

11 Jul 19:52
@mmguero mmguero
v1.3.1
1af097b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Malcolm v1.3.1

This release:

  • mostly focuses on improvements to the ISO installer
  • fixes a couple of bugs

idaholab/Malcolm@v1.3.0...v1.3.1

Assets 6
Loading

Malcolm v1.3.0

28 Jun 16:23
@mmguero mmguero
v1.3.0
3851592
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Malcolm v1.3.0

This release:

  • adds the ability to configure snapshots (backups) of the Elasticsearch indices
  • includes some code cleanup/refactoring to reduce duplicated code and the size of the moloch container

idaholab/Malcolm@v1.2.2...v1.3.0

Assets 6
Loading